Tech Companies Putting Their Profits Before Your Privacy

The problem that came into focus in 2018 was not justhacks, breaches, or unauthorized bad guys breaking into systems. Instead, 2018’s worst privacy actors were the tech companies themselves, harvesting of mountains of users’ data and employing flawed systems to use and share it.

Facebook’s Cambridge Analytica scandal, for example, was the result of a feature of Facebook’s Graph API in 2014. In this case, Facebook was designed to collect as much user information as possible, and then share it indiscriminately with third-party developers. In a set of newly revealed emails from 2012, Mark Zuckerberg acknowledged that he knew “we leak info to developers,” but didn’t think there was enough “strategic risk” to do anything about it.

The torrent of data-related scandals this year drove new popular awareness of privacy issues.

Big companies made big new investments in the Internet of Things, with Facebook introducing Portal and Google introducing the Home Hub, both designed to put their manufacturers at the center of home life. Companies also gave users new reasons to question the privacy limits on their home assistant devices. One couple’s Amazon Alexa silently recorded one of their conversations and sent it to a colleague. And Facebook was unable to clearly say whether data collected through Portal could or would be used for targeting ads.

The torrent of data-related scandals this year drove new popular awareness of privacy issues. The Pew Research Center found that a whopping 74 percent of American adults had adjusted their Facebook privacy settings, taken a break from the platform, or deleted its app from their phones. More broadly, it also found that people are worried about their personal information online, and that the vast majority of American adults say it is important to them to be in control of who can get information about them.

User Privacy and the Law

Many legislators agree. 2018 was a blockbuster year for legislative action on privacy. On May 25, Europe’s General Data Privacy Regulation (GDPR) took effect. The law includes some of the most ambitious privacy protections ever put into force. However, the immediate impact of the regulation has been a mixed bag. On paper, GDPR prohibits tracking unless the user has opted in. In reality, users are being confronted with “consent management” pop-ups which enable “consent” with one click but erect an obstacle course for anyone who wants to refuse. A challenge moving forward is to successfully engineer meaningful systems of consent that are not stymied by evasive company systems that generate consent fatigue.

In the United States, 2018 may go down as the year that government began to get serious about privacy.

Some sites, such as Facebook and Yahoo, simply deny access to users who don't agree to allow tracking, making a mockery of the idea of choice. Other organizations, like ICANN, made some privacy-positive improvements under GDPR, but did not take the opportunity to go far enough. And it remains to be seen whether the GDPR can curb the most entrenched and sophisticated trackers, including companies that currently use browser fingerprinting to sidestep users’ attempts to opt out. Worst of all, the government of Romania tried to use GDPR to force journalists to reveal their sources, underlining the importance of strong exceptions for newsgathering in any privacy legislation.

In the United States, 2018 may go down as the year that government began to get serious about privacy. The deluge of privacy scandals, from Equifax to Cambridge Analytica, made room for serious privacy proposals on the legislative floor. Responding to the Equifax debacle, Vermont passed a trailblazing new law that begins to regulate data brokers. The California Consumer Privacy Act (CCPA), though far from perfect, is a good start—and there is a lot of work to be done before it goes into effect in 2020. EFF will fight to improve the law and oppose industry efforts to weaken it.

Even as some lawmakers moved to protect users’ privacy, corporations increased their lobbying at the both the state and federal levels to try to protect their own interests. In Illinois, hostile bills and legal attacks threatened to defang the state’s Biometric Information Privacy Act, the strongest protection for biometrics like fingerprints, voiceprints, and facial recognition in the country. In California, as noted above, EFF is fighting industry efforts to weaken the newly-passed CCPA. And in Washington, DC, Big Tech has attempted to “preempt” (a legal term for “dismantle”) strong state-level privacy laws with weaker federal legislation. We’ve resisted those efforts.

While the tech industry has been pitching its version of “privacy law,” EFF has outlined its own recommendations for a legal framework that protects users’ civil liberties online without undermining innovation. We’ve explained how legislatures at every level can establish smart, effective, and carefully-tailored rules to protect user privacy, defend the freedom to tinker, and avoid impeding speech or innovation. We’ve also endorsed the idea of treating tech companies as information fiduciaries, which would legally require them to use your information in your best interests.

The tech company scandals and legislative complexity around consumer privacy show no signs of slowing down in 2019—and neither will we. EFF will be here to keep fighting for users’ privacy rights in 2019 and beyond.

This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2018.

Related Updates

Law enforcement access to data is in the middle of a profound shake-upacross the globe. States are pushing to get quicker, deeper, and more invasive access to personal data stored on the global Internet, and are looking to water down the international safeguards around privacy and due...

California Governor Gavin Newsom, in his first State of the State Address, called for a “Data Dividend” (what some are calling a “digital dividend”) from big tech. It’s notyetclear what form this dividend will take. We agree with Governor Newsom...

EFF joined a letter to Secretary of State Mike Pompeo opposing a proposal to deploy stronger vetting procedures against Chinese students intending to study in the United States because the procedures would threaten the free speech interests of both Chinese students and their American associates. Reuters...

The way we design user interfaces can have a profound impact on the privacy of a user’s data. It should be easy for users to make choices that protect their data privacy. But all too often, big tech companies instead design their products to manipulate users into surrendering their data...

France’s data protection authority is first out the gate with a big decision regarding a high-profile tech company, and every other enforcer in Europe is taking notes. On January 21, France’s CNIL fined Google 50 million Euros for breaches of the General Data Protection Regulation (GDPR)...

Imagine this: an enormous tech company is tracking what you do on your phone, even when you’re not using any of its services, down to the specific images that you see. It’s also tracking all of your network traffic, because you’re installing one of its specially-designed routers. And even though...

Since even before he took office, President Trump has called for a physical wall along the southern border of the United States. Manydifferentorganizations have argued this isn’t a great idea. In response, some Congressional Democrats have suggested turning to surveillance...